WO2005117331A1 - A method of encrypting and transferring data between a sender and a receiver using a network - Google Patents
A method of encrypting and transferring data between a sender and a receiver using a network Download PDFInfo
- Publication number
- WO2005117331A1 WO2005117331A1 PCT/GB2005/001479 GB2005001479W WO2005117331A1 WO 2005117331 A1 WO2005117331 A1 WO 2005117331A1 GB 2005001479 W GB2005001479 W GB 2005001479W WO 2005117331 A1 WO2005117331 A1 WO 2005117331A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- receiver
- server
- encryption key
- data
- specific encryption
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 91
- 238000012546 transfer Methods 0.000 claims abstract description 119
- 238000004891 communication Methods 0.000 claims description 32
- 241001441724 Tetraodontidae Species 0.000 claims description 9
- 230000008569 process Effects 0.000 description 28
- 238000012545 processing Methods 0.000 description 15
- 230000004044 response Effects 0.000 description 7
- 238000012790 confirmation Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 230000006837 decompression Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/22—Arrangements for preventing the taking of data from a data transmission channel without authorisation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Definitions
- the present invention relates to a method of encrypting and transferring data between a sender and a receiver using a network thereby resulting in transfer of data in a secure manner.
- sensitive data is increasingly sent in electronic form from a sender to a receiver. In such circumstances, it has become more and more important to ensure that the data can not be intercepted or read by unauthorized people, that is to say, the data must be transferred in a secure manner so that the content of the data can only be accessed by the sender and the receiver.
- a secure connection link can be set up between a sender A and a receiver B before transfer of the data occurs.
- a method of encrypting and transferring data between a sender and a receiver using a network comprising the steps of:-' • a server receiving from the sender an identifier of the receiver; establishing a transfer specific encryption key specific to the transfer; encrypting the data using the transfer specific encryption key; the server accessing receiver specific information according to the received identifier of the receiver and encrypting, with the receiver specific information, said transfer specific encryption key; transferring the encrypted data and the encrypted transfer specific encryption key over the network for receipt by the receiver; the server receiving from the receiver the encrypted transfer specific encryption key; the server accessing the receiver specific information to decrypt the encrypted transfer specific encryption key; and decrypting the encrypted data using the decrypted transfer specific encryption key.
- the method further comprises establishing a communication link between the sender and the server and sending said identifier of the receiver to the server. [0013] In one embodiment, the method further comprises establishing the communication link between the sender and the server to be a secure link.
- the method further comprises establishing the communication link between the sender and server subject to a check by the server of a password of the sender.
- the method further comprises- establishing a communication link between the receiver and the server and sending said identifier of the receiver to the server.
- the method further comprises establishing the communication link between the receiver and the server to be a secure link.
- the method further comprises establishing the communication link between the receiver and server subject to a check by the server of a password of the receiver.
- establishing the transfer specific encryption key takes place at the sender and the established transfer specific encryption key is sent to the server.
- encrypting the data using the transfer specific encryption key takes place at the sender.
- the sender receives from the server the encrypted transfer specific encryption key and the sender transfers the encrypted data and the encrypted transfer specific encryption key to the receiver over the network.
- the receiver receives from the server the decrypted transfer specific encryption key and decrypting the encrypted data using the decrypted transfer specific encryption key takes place at the receiver.
- establishing the transfer specific encryption key specific takes place at the server.
- encrypting the data using the transfer specific encryption key takes place at the server.
- the server transfers the encrypted data and the encrypted transfer specific encryption key to the receiver over the network.
- decrypting the encrypted data using the decrypted transfer specific encryption key takes place at the server and the server transfers the decrypted data to the receiver.
- the method further comprises sending an identifier of the receiver from the sender to the server.
- the method further comprises sending an identifier of the receiver from the receiver to the server.
- the method further comprises :- establishing a message authentication code (MAC) value for the data prior to encrypting; transferring the MAC value together with the encrypted data and the encrypted transfer specific encryption key; and establishing a MAC value for the data after decrypting and validating it against the transferred MAC value.
- MAC message authentication code
- encrypting the transfer specific encryption key uses one or more of a public key encryption method, a blowfish algorithm, secret code of server.
- a method of operating a server for encrypting and transferring data between a sender and a receiver using a network comprising the steps of :- receiving from the sender an identifier of the receiver; accessing receiver specific information according to the received identifier of the receiver and encrypting, with the receiver specific information, a transfer specific encryption key that is used to encrypt the data; receiving from the receiver the encrypted transfer specific encryption key after the encrypted data and the encrypted transfer specific encryption key have been transferred over the network for receipt by the receiver accessing the receiver specific information to decrypt the encrypted transfer specific encryption key.
- the method of operating a server further comprises establishing in the server a transfer specific encryption key specific to the transfer.
- the method of operating a server further comprises receiving from the sender a transfer specific encryption key specific to the ' transfer; and transferring the encrypted transfer specific encryption key to the sender.
- the method of operating a server further comprises encrypting the data in the server using the transfer specific encryption key.
- the method of operating a server further comprises transferring the encrypted data and the encrypted transfer specific encryption key over the network for receipt by the receiver.
- the method of operating a server further comprises transferring the decrypted transfer specific, encryption key to 'the receiver.
- the method of operating a server further comprises decrypting the encrypted data in the server using the decrypted transfer specific encryption key.
- a computer medium for a method of encrypting and transferring data between a sender and a receiver using a network including:- computer code for receiving from the sender an identifier of the receiver and establishing a transfer specific encryption key specific to the transfer; computer code for encrypting the data using the transfer specific encryption key; computer code for accessing receiver specific information according to the received identifier of the receiver and encrypting, with the receiver specific information, said transfer specific encryption key; computer code for transferring the encrypted data and the encrypted transfer specific encryption key over the network for receipt by the receiver; computer code for receiving from the receiver the ' encrypted transfer specific encryption key and for accessing the receiver specific information to decrypt the encrypted transfer specific encryption key; and computer code for decrypting the encrypted data using the decrypted transfer specific encryption key.
- Figure 1 shows a schematic diagram of a system operating a method of the present invention encrypting and transferring data between a sender and a receiver using a network
- Figure 2 shows a schematic block diagram of the operating modules of the server used in figure 1
- Figure 3 is a flowchart showing the processes involved- in the sender and the server for the present invention to send data from the sender to the server
- Figure 4 is a flowchart showing the processes involved in the receiver and the server in response to an email received from the server.
- FIGS. 1 and 2 show a system operating one embodiment of a method of encrypting and transferring data between a sender and a receiver using a network.
- the system operates to encrypt and transfer data between a sender apparatus 100 and a- receiver apparatus 200.
- the sender apparatus .100 comprises a computer 101 connected to a keyboard 107, a data source
- the data source can comprise a disc reader of some sort or an interface connection to a data library, the data source storing the data to be transferred to the receiver.
- the computer 101 has a general access bus 106 connecting to a microprocessor 102, a memory 103, a display interface 104, an input device interface 109, and a web browser 110 for connecting to the Internet via a connection 111.
- the display interface 104 is connected to the external display device 105 whilst the input device interface
- the memory 103 will typically store the sender's ID and the sender's password although these may be input via the keyboard 107 in response to display prompts on the display device 105.
- the receiver apparatus 200 comprises a mobile phone having an Internet capability via a web browser 210 connecting to the Internet via a connection 211.
- the web browser is connected to a general access bus 206 connecting to a microprocessor 202, a memory 20-3, a display interface 204, and an input device interface 209.
- the display interface 204 is connected to an integral display device 205 whilst the input device interface 209 is connected to an integral keyboard 207.
- the memory 203 will typically store the receiver's TD and the receiver's password although these may be input via the keyboard 207 in response to display prompts on the display device 205.
- the apparatus 200 further includes an email client 212 for sending and receiving emails via a connection 213 to the Internet.
- a server 300 is also connected to the Internet via a connection 302.
- a detailed block diagram of the structure of the server is shown in figure 2. This structure of the server will be explained in combination with a description of the operation of the system of the present invention.
- both the sender and receiver are initially registered with the server 300 and their details are stored in a server database module 306.
- the information stored includes at least an ID and password i for each sender and receiver.
- the sender wishes to transfer data held at the data source 108 to the receiver.
- the sender In order for the sender to transfer the data, the sender needs to know the ID of the receiver .and the web address of the server 300. This information may be stored in the memory 103 of the sender or can be manually input through the keyboard 107 in response to prompts on the display device 105.
- the server 300 includes a web server 301 connected to the Internet via a connection 302. The web server is connected to an input bus 303 and is controlled by a microprocessor 304. When the sender contacts the web address of the server, a secure link such as an SSL link is established, the details of which are well known to those skilled in the art.
- the microprocessor 304 does noti allow access for the sender to the present system until a password check has been completed by module 305 in conjunction with access to database module 306.
- the details of such password checks are well known in the art and are therefore not described here.
- a screen display is sent by the server 300 to the ' sender. By completing this screen, the sender sends to the server the identity of the receiver ID together with the data to be transferred, which is obtained from the data source 108. These inputs are acted on by the modules towards to upper edge of the figure.
- the server microprocessor 304 On receipt of the receiver ID and the data to be sent, the server microprocessor 304 forwards the data to a message authentication code (MAC) generator module 307.
- MAC message authentication code
- the known MD hash algorithm is used to generate an MD hash value from the data.
- the MD hash value is forwarded to an email client 312 ' connected to the Internet via a link 316 so as to be ready for processing into a part of an email.
- the received data is compressed in module 308 before being encrypted by module 309 using a session key obtained from a module 310.
- the session key is generated from a random number, provided by a random number generator 311. This session key is specific to this data and the transfer thereof, it therefore becomes a transfer specific encryption key.
- the encrypted data is consequently forwarded to the email client 312 ready for processing into a part of an email.
- the session key from module 310 is also encrypted in module 313 using the public key of a public key/private key encryption technique, for example RSA encryption which is well known in the art. Thereafter, the output from module 313 is further encrypted in module 314 using a blowfish algorithm which incorporates the password of the receiver which is obtained from the database 306. This password is output according to the ID of the receiver forwarded from the microprocessor on bus 315.
- the encrypted session key is forwarded to the email client 312 ready for processing into a part of an email.
- the email client 312 processes the MD hash value, the encrypted data and the encrypted session key in known manner to construct an email which is then sent to the appropriate address of the receiver provided by the microprocessor on bus 315 following access to the database 306. In known manner, the email client allocates a unique label to the email and logs the sending thereof.. A confirmation of the sending of the email is also sent to the sender either using the web server 301 or the email client 312 .
- the email that is sent by the server 300 can be received in the typical manner by the email client 212 of the mobile phone 200.
- the content of the email is set up to either alert the receiver to a transfer of data using the system of the present invention or will automatically activate the web browser 210 to initiate a communication link ⁇ to the server 300.
- the receiver under control of the microprocessor 202, the receiver contacts the web address of the server and a secure link such as an SSL link is established, the details of which are well known to those skilled in the art.
- the server microprocessor 304 does not allow access to the present system until a password check has been completed by module 305 in conjunction with access to database module 306. The details of such password checks are well known in the art and are therefore not described here.
- the server microprocessor 304 forwards the encrypted session key to a module 320 which applies a reverse blowfish algorithm in combination with the password o.f the receiver which is obtained from the database 306 on bus 315 according to the ID of the receiver.
- the output from module 320 is then further decrypted in module 321 using the private key of the RSA encryption used to send the data.
- the original session key of module 310 is re-produced.
- the sender wishes to transfer specific data to a specific receiver, having a known receiver ID.
- the sender makes contact with the server in an attempt to establish a secure communication link, for example, an SSL link. Establishing this link involves running through certain connection protocols and the abovementioned password check and can take the form of a display of a web page on the display device 105, the input of appropriate login data on the web page and so forth. As mentioned before, the establishing of such a communication link and the password check are well known to those in the art and will not be described in detail here.
- the server in response to contact from the sender, also tries in step SIB to establish the communication link by running through certain connection protocols and the abovementioned password check.
- step S2B The server will then check in step S2B to see whether a valid link has been made, that is all protocols of communication have been met and that all password checks have been passed. If the link has not been established, or the password check failed, the server goes to error processing step S3B. Such a step may involve further attempts to establish a communication link. Assuming that a valid communication link is established, the process moves to step S4B to wait for receipt of the receiver ID .and the data to be transferred. A time out step can be included at this point if required. [0066] In the sender, a check is made in step S2A to also see whether a valid link has been made, that is all protocols of communication have been met and that all password checks have been passed.
- step S3A If the link has not been established, or the password check failed, the sender goes to error processing step S3A. Such a step may involve further attempts to establish a communication link. Assuming that a valid communication link is established, the process moves to step S4A to send the receiver ID and the data to be transferred. A time out step can be included at this point if required.
- a data transfer web page is displayed on the display device 105 which requires the input of the ID of the receiver and an attachment of the data, for example a file located at the data source 108.
- the completed data transfer page is then sent to the server 300. It will be apparent that the data to be encrypted may be entered directly into the data transfer page.
- the content of the data transfer page is received by the server 300 in step S4B after which the process proceeds to step S5B.
- the server produces an MD hash value unique to the data and forwards the value to the email client 312, after which the process proceeds to step S6B.
- step S6B the data is compressed, for example by zipping.
- step S7B a random number from the random number generator 311 is obtained to generate a session key which is specific to this data transfer. Thereafter in step S8B, the data is encrypted with this session key and the encrypted data is forwarded to the email client 312.
- step S9B in which the session key is encrypted using a public RSA key. Thereafter, the process moves to step S10B to retrieve the password of the receiver after which, in step SUB, the result of step S9B is encrypted with a blowfish algorithm using the password retrieved in step S10B. The resultant encrypted session key is then forwarded to the email client 312.
- an email is formulated in known manner by the email client 312 into an appropriate . format for transfer by HTML, for example ' by base 64 encoding. It can also have an HTML- attachment file, or inline HTML code for the encrypted data and encrypted session key.
- the email is then sent and the sending of the email is logged in the usual way, and confirmation sent to the sender, after which the process ends.
- the email contains the MD hash value, the encrypted data, and the encrypted session key, preferably as hidden fields.
- the email preferably also includes an HTML link to enable the receiver to connect back to the server. This link is configured to automatically submit the hidden fields in the HTML form back to the server.
- the email subject header is the subject header chosen by the sender, and the email is addressed to the email address of the receiver.
- the sender receives confirmation of the sending of the email and the process ends.
- Figure 4 is a flowchart showing the processes involved in the receiver and the server in response to an email received from the server.
- the receiver 200 receives the email from the server which contains, amongst other things, the encrypted data, the encrypted session key, and the MD hash value.
- the email can be downloaded either using webmail or using the email client 212 over the link 213.
- the receiver opens the email and makes contact with the server in an attempt to establish a secure communication link, for example, an SSL link.
- step S101B the server, in response to contact from the receiver, also tries in step S101B to establish the communication link by running through certain connection protocols and the abovementioned password check. The server then checks in step S102B to see whether a valid link has been made, that is all protocols of communication have been met and that all password checks have been passed.
- step S103B If the link has not been established, or the password check failed, the server goes to error processing step S103B. Such a step may involve further attempts to establish a communication link. Assuming that a valid communication link is established, the process moves to step S104B to wait for receipt of the receiver ID and other information including the encrypted data, the encrypted session key and the MD hash value. A -time out step can be included at this point if required. [0077] In the receiver, a check is made in step S103A to also see whether a valid link has been 'made, that is all protocols of communication have been met and that all password checks have been passed. If the link has not been established, or the password check failed, the sender goes to error processing step S104A. Such a step may involve further attempts to establish a communication link. A time out step can be .included at this point if required.
- step S105A to send the receiver ID and the other information mentioned in the preceding paragraph.
- the latter can be in the form of hidden HTML fields in the email which are submitted to the server 300. It will be apparent that the protocol for the timing and arrangements for sending of ID's, hidden fields, passwords etc can be varied to suit particular situations.
- step S105B to retrieve the password of the receiver from module 306 after which, in step S106B, the encrypted session key is decrypted with the blowfish algorithm using the password retrieved in step S105B.
- step S107B the process moves to an RSA decryption step S107B in which the result of step S106B is decrypted using the private key of the server. This results in the session key being produced.
- step S108B the process moves to S108B in which the still compressed data is decrypted u'sing the decrypted session key produced from step S107B.
- step S109B the process moves to step S109B to de-compress the data.
- step S110B the server produces an MD hash value unique to the data from step S109B.
- step SlllB the MD hash value from step S110B is checked against the MD hash value received at step S104B.
- step S113B the process proceeds to step S113B and the now unencrypted data of the sender is forwarded to the receiver over the secure link. The sending of this data is logged and the process ends. If the MD hash value can not be validated, the process branches to error processing S112B. This can involve logging of the error and sending of an error message to the receiver to indicate that the data may have been corrupted or compromised. [0082] At step S106A the receiver receives the unencrypted data and the process ends. [0083] In the embodiment of the invention described above, the entire encryption and decryption process is carried out at the server 300. Thus, the sender and receiver do not need any special software to be able to securely send or receive data.
- steps S5B to S8B in figure 3 now take place in the sender. This can reduce the processing demands placed on the server.
- the receiver receives the email at their email client and can process the email as in figure 4.
- the present invention also encompasses the alternative of the functions within the box 322 of figure 2 being provided in the receiver once an email is received from the server. That is to say, in this modification, the decryption of the data, the decompression of the data, the generation of an MD hash value and the validation thereof are all conducted within the receiver. However, a secure link is established with the server as above, but in this case only the encrypted session key is sent to the server'.
- the modules S320 and S321 again decrypt the session key which in this case is returned to the receiver.
- the encrypted data is decrypted using the decrypted session key, decompressed, an MD hash value generated and checked for validity, against the MD hash value received in the email. It can be seen therefore that steps S108B to S113 in figure 4 now take place in the receiver. This can reduce the processing demands placed on the server. [0087] It will be appreciated that both the modifications mentioned above can be implemented at the same time. Nevertheless, with the present invention, the encryption of the session key, in combination with the password of the receiver, takes place in the server. [0088] It will be appreciated that -a group of users can be registered )to receive emails when required.
- the IT department of a firm may register all employees.
- the password check fails in the server, reference to other passwords in that group can be consulted.
- this may be downloaded from the server during the registration process and then installed.
- the password check during the link between the receiver and the server in step 102A can be dispensed with if required.
- the server 300 can be arranged to carry out further checks to attempt to obtain the correct password, for example, by looking up old passwords of the receiver and
- the server can generate a one shot password which it sends to the receiver by whatever secure means are appropriate, e.g. secure post or by a secure link or by secure email, requiring the user to change their password to a secure password to be used thereafter.
- the identities of both the sender and the receiver may be verified so that the sender can send data to a receiver who does not have special software installed so that the receiver is confident of the origin of the data.
- the encryption and decryption attempts are logged, which may allow a sender to check whether a receiver has received and decrypted the data, and may allow a receiver to check whether data which they are expecting to receive has been dispatched yet.
- the sender and receiver apparatus can take many forms, a non exclusive list comprising for example, a computer, a personal digital assistance or other hand held device, a lap top computer, a mobile telephone.
- the server is preferably a computer, although it may also be an alternative type of computing device.
- the server maintains receiver specific information, such as a password, which is used by the server in an encryption process.
- the server obtains this information from a data store, which has a list of receiver IDs and the receiver specific information which is held secret.
- the receiver specific information may comprise a password, a pass phrase, a PIN number, a hash value or any other information to be used for verification of identity.
- the network used with present invention may be the Internet, a local intranet such as an Ethernet network, a telephone network, a radio network, or any other type of network for transferring data.
- a secure SSL connection is used between the server and the sender and/or between the server and the receiver.
- the sender and receiver may be identified to the server by their email addresses (or other network addresses) . However, they may also have user IDs which are unrelated to their network addresses.
- the server may have a list of network addresses in its database, and/or it may have a list of user IDs, where the network address and/or user IDs are each associated with secret receiver specific information.
- the server 300 may include a secret code unique to the server and known only to the server. This secret code may be included into the blowfish encryption and decryption modules. The secret code can be used in the encryption in addition to, using the receiver specific information. These two pieces of information may simply be concatenated to be used in the encryption process. The use of the secret key provides an enhanced level of security to the system. [00100] It will be appreciated that the server does not need to retain the session. key or any of the data being sent to the receiver. These may be stored in volatile memory on the server, and overwritten when further data and keys are encrypted. This has the advantage that the server does not need to have a large amount of memory available for storing old and possibly redundant data and/or' keys.
- the carrier medium can comprise a transient medium, e.g. an electrical, optical, microwave, RF, electromagnetic, acoustic or magnetic signal (e.g. a TCP IP signal over an IP network such as the internet) , or a carrier medium such as a floppy disk, CD ROM, hard disk, or programmable memory device .
- a transient medium e.g. an electrical, optical, microwave, RF, electromagnetic, acoustic or magnetic signal (e.g. a TCP IP signal over an IP network such as the internet)
- a carrier medium such as a floppy disk, CD ROM, hard disk, or programmable memory device.
- the present invention can find application, for example, with mobile phone providers who can distribute monthly statements to mobile phone users in a secure manner, the mobile phone user connecting to the server to retrieve the encrypted statement.
- banks can distributes details of incoming payments to their customers who simply can connect to the server as described above to retrieve such details, with the details being distributed in a secure manner.
Abstract
Description
Claims
Priority Applications (18)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
MXPA06013609A MXPA06013609A (en) | 2004-05-24 | 2005-04-18 | A method of encrypting and transferring data between a sender and a receiver using a network. |
DE602005015106T DE602005015106D1 (en) | 2004-05-24 | 2005-04-18 | DATA BETWEEN A SENDER AND A RECEIVER USING A NETWORK |
EP05734559A EP1751911B1 (en) | 2004-05-24 | 2005-04-18 | A method of encrypting and transferring data between a sender and a receiver using a network |
KR1020067027260A KR101143770B1 (en) | 2004-05-24 | 2005-04-18 | A method of encrypting and transferring data between a sender and a receiver using a network |
AU2005332289A AU2005332289B8 (en) | 2004-05-24 | 2005-04-18 | A method of encrypting and transferring data between a sender and a receiver using a network |
BRPI0511201-0A BRPI0511201A (en) | 2004-05-24 | 2005-04-18 | encryption and data transfer method between sender and recipient using a network, server operating method for encrypting and transferring data between a sender and recipient using a network and computer media for encryption and data transfer method between a sender and a recipient using a network |
PL05734559T PL1751911T3 (en) | 2004-05-24 | 2005-04-18 | A method of encrypting and transferring data between a sender and a receiver using a network |
AT05734559T ATE434878T1 (en) | 2004-05-24 | 2005-04-18 | METHOD FOR ENCRYPTING AND TRANSFERING DATA BETWEEN A SENDER AND A RECIPIENT USING A NETWORK |
CA2569761A CA2569761C (en) | 2004-05-24 | 2005-04-18 | A method of encrypting and transferring data between a sender and a receiver using a network |
DK05734559T DK1751911T3 (en) | 2004-05-24 | 2005-04-18 | Method of encrypting and transmitting data between a transmitter and a receiver using a network |
CN2005800222561A CN1981476B (en) | 2004-05-24 | 2005-04-18 | A method of encrypting and transferring data between a sender and a receiver using a network |
JP2007514065A JP4913044B2 (en) | 2004-05-24 | 2005-04-18 | Method for encrypting and transporting data between sender and receiver using a network |
EA200602160A EA009997B1 (en) | 2004-05-24 | 2005-04-18 | A method of encrypting and transferring data between a sender and a receiver using a network |
NZ552251A NZ552251A (en) | 2004-05-24 | 2005-04-18 | A method of encrypting and transferring data between a sender and a receiver using a network |
IL179466A IL179466A (en) | 2004-05-24 | 2006-11-21 | Method of encrypting and transferring data between a sender and a receiver using a network |
NO20065967A NO20065967L (en) | 2004-05-24 | 2006-12-20 | Procedure for encrypting and transmitting data between a transmitter and a receiver using a network |
HK07102838.5A HK1095452A1 (en) | 2004-05-24 | 2007-03-16 | A method of encrypting and transferring data between a sender and a receiver using a network |
HR20090506T HRP20090506T1 (en) | 2004-05-24 | 2009-09-24 | A method of encrypting and transferring data between a sender and a receiver using a network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GBGB0411560.6A GB0411560D0 (en) | 2004-05-24 | 2004-05-24 | A method of encrypting and transferring data between a sender and a receiver using a network |
GB0411560.6 | 2004-05-24 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005117331A1 true WO2005117331A1 (en) | 2005-12-08 |
Family
ID=32607869
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB2005/001479 WO2005117331A1 (en) | 2004-05-24 | 2005-04-18 | A method of encrypting and transferring data between a sender and a receiver using a network |
Country Status (27)
Country | Link |
---|---|
US (1) | US8478995B2 (en) |
EP (1) | EP1751911B1 (en) |
JP (1) | JP4913044B2 (en) |
KR (1) | KR101143770B1 (en) |
CN (1) | CN1981476B (en) |
AT (1) | ATE434878T1 (en) |
AU (1) | AU2005332289B8 (en) |
BR (1) | BRPI0511201A (en) |
CA (1) | CA2569761C (en) |
CY (1) | CY1109389T1 (en) |
DE (1) | DE602005015106D1 (en) |
DK (1) | DK1751911T3 (en) |
EA (1) | EA009997B1 (en) |
ES (1) | ES2329149T3 (en) |
GB (1) | GB0411560D0 (en) |
GE (1) | GEP20094692B (en) |
HK (1) | HK1095452A1 (en) |
HR (1) | HRP20090506T1 (en) |
IL (1) | IL179466A (en) |
MX (1) | MXPA06013609A (en) |
NO (1) | NO20065967L (en) |
NZ (1) | NZ552251A (en) |
PL (1) | PL1751911T3 (en) |
PT (1) | PT1751911E (en) |
UA (1) | UA89784C2 (en) |
WO (1) | WO2005117331A1 (en) |
ZA (1) | ZA200610784B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008030991A2 (en) * | 2006-09-06 | 2008-03-13 | Agilix Labs, Inc. | Security methods for preventing access to educational information by third parties |
CN101039132B (en) * | 2006-03-14 | 2012-08-22 | 三星电子株式会社 | Method of distributing gid in PLC network, method of receiving gid in PLC network, apparatus for authorization in PLC network, and PLC device |
WO2013125982A1 (en) * | 2012-02-21 | 2013-08-29 | Rawllin International Inc. | Dual factor digital certificate security algorithms |
Families Citing this family (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7565538B2 (en) * | 2004-04-05 | 2009-07-21 | Microsoft Corporation | Flow token |
US7643818B2 (en) | 2004-11-22 | 2010-01-05 | Seven Networks, Inc. | E-mail messaging to/from a mobile terminal |
CA2571891C (en) * | 2006-12-21 | 2015-11-24 | Bce Inc. | Device authentication and secure channel management for peer-to-peer initiated communications |
US8286171B2 (en) | 2008-07-21 | 2012-10-09 | Workshare Technology, Inc. | Methods and systems to fingerprint textual information using word runs |
US9092636B2 (en) | 2008-11-18 | 2015-07-28 | Workshare Technology, Inc. | Methods and systems for exact data match filtering |
DE102009051383A1 (en) | 2009-10-30 | 2011-05-12 | Siemens Aktiengesellschaft | Method and device for the secure transmission of data |
WO2011103561A2 (en) * | 2010-02-22 | 2011-08-25 | Lockify, Inc. | Encryption system using web browsers and untrusted web servers |
AU2011241482A1 (en) * | 2010-04-15 | 2012-12-06 | Australian Postal Corporation | Communication system and method |
CN102299747A (en) * | 2010-06-22 | 2011-12-28 | 上海云途信息技术有限公司 | Device, system and method for performing safe data communication based on sound waves |
US10783326B2 (en) | 2013-03-14 | 2020-09-22 | Workshare, Ltd. | System for tracking changes in a collaborative document editing environment |
US11030163B2 (en) | 2011-11-29 | 2021-06-08 | Workshare, Ltd. | System for tracking and displaying changes in a set of related electronic documents |
US20120136862A1 (en) | 2010-11-29 | 2012-05-31 | Workshare Technology, Inc. | System and method for presenting comparisons of electronic documents |
CN102740241A (en) * | 2011-03-31 | 2012-10-17 | 中兴通讯股份有限公司 | Method and system for secure transmission of media information |
US10880359B2 (en) | 2011-12-21 | 2020-12-29 | Workshare, Ltd. | System and method for cross platform document sharing |
US9613340B2 (en) | 2011-06-14 | 2017-04-04 | Workshare Ltd. | Method and system for shared document approval |
US10574729B2 (en) | 2011-06-08 | 2020-02-25 | Workshare Ltd. | System and method for cross platform document sharing |
US9948676B2 (en) | 2013-07-25 | 2018-04-17 | Workshare, Ltd. | System and method for securing documents prior to transmission |
US9170990B2 (en) | 2013-03-14 | 2015-10-27 | Workshare Limited | Method and system for document retrieval with selective document comparison |
US20140122184A1 (en) | 2012-10-29 | 2014-05-01 | Elwha Llc | Food Supply Chain Automation Grocery Information System And Method |
US9704122B2 (en) | 2012-10-29 | 2017-07-11 | Elwha Llc | Food supply chain automation farm tracking system and method |
US20140121811A1 (en) * | 2012-10-29 | 2014-05-01 | Elwha Llc | Food Supply Chain Automation Food Service Information Interface System And Method |
US10911492B2 (en) | 2013-07-25 | 2021-02-02 | Workshare Ltd. | System and method for securing documents prior to transmission |
WO2015084797A1 (en) | 2013-12-02 | 2015-06-11 | Mastercard International Incorporated | Method and system for secure tranmission of remote notification service messages to mobile devices without secure elements |
US10133723B2 (en) | 2014-12-29 | 2018-11-20 | Workshare Ltd. | System and method for determining document version geneology |
US11182551B2 (en) | 2014-12-29 | 2021-11-23 | Workshare Ltd. | System and method for determining document version geneology |
US11763013B2 (en) | 2015-08-07 | 2023-09-19 | Workshare, Ltd. | Transaction document management system and method |
US10715497B1 (en) | 2017-02-13 | 2020-07-14 | Wells Fargo Bank, N.A. | Digital safety box for secure communication between computing devices |
DE102017204181A1 (en) * | 2017-03-14 | 2018-09-20 | Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. | Transmitter for emitting signals and receiver for receiving signals |
CN109936547A (en) | 2017-12-18 | 2019-06-25 | 阿里巴巴集团控股有限公司 | Identity identifying method, system and calculating equipment |
CA3090993A1 (en) | 2018-02-12 | 2019-08-15 | The Chamberlain Group, Inc. | Movable barrier operator having updatable security protocol |
WO2019231348A1 (en) * | 2018-05-31 | 2019-12-05 | Публичное Акционерное Общество "Сбербанк России" | Method and system for secure information storage in file-based data warehouses |
US10837217B2 (en) | 2019-01-24 | 2020-11-17 | The Chamberlain Group, Inc. | Movable barrier imminent motion notification system and method |
US10846956B2 (en) | 2019-01-24 | 2020-11-24 | The Chamberlain Group, Inc. | Movable barrier imminent motion notification system and method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0869652A2 (en) * | 1997-04-01 | 1998-10-07 | Tumbleweed Software Corporation | Document delivery system |
US20030046533A1 (en) * | 2000-04-25 | 2003-03-06 | Olkin Terry M. | Secure E-mail system |
US20030172262A1 (en) * | 2002-03-06 | 2003-09-11 | Ian Curry | Secure communication apparatus and method |
Family Cites Families (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5757907A (en) | 1994-04-25 | 1998-05-26 | International Business Machines Corporation | Method and apparatus for enabling trial period use of software products: method and apparatus for generating a machine-dependent identification |
JP3590143B2 (en) * | 1995-07-28 | 2004-11-17 | 株式会社東芝 | Email transfer device |
JP3627384B2 (en) * | 1996-01-17 | 2005-03-09 | 富士ゼロックス株式会社 | Information processing apparatus with software protection function and information processing method with software protection function |
US5751813A (en) * | 1996-04-29 | 1998-05-12 | Motorola, Inc. | Use of an encryption server for encrypting messages |
US5982506A (en) * | 1996-09-10 | 1999-11-09 | E-Stamp Corporation | Method and system for electronic document certification |
US6009173A (en) * | 1997-01-31 | 1999-12-28 | Motorola, Inc. | Encryption and decryption method and apparatus |
US6775382B1 (en) * | 1997-06-30 | 2004-08-10 | Sun Microsystems, Inc. | Method and apparatus for recovering encryption session keys |
JPH11122293A (en) * | 1997-10-14 | 1999-04-30 | Sharp Corp | Electronic mail server system |
EP0936812A1 (en) | 1998-02-13 | 1999-08-18 | CANAL+ Société Anonyme | Method and apparatus for recording of encrypted digital data |
EP1125182B1 (en) | 1998-10-07 | 2003-01-02 | Adobe Systems Incorporated | Distributing access to a data item |
US6813358B1 (en) * | 1998-11-17 | 2004-11-02 | Telcordia Technologies, Inc. | Method and system for timed-release cryptosystems |
US6601169B2 (en) * | 1999-12-30 | 2003-07-29 | Clyde Riley Wallace, Jr. | Key-based secure network user states |
WO2001069843A2 (en) | 2000-03-10 | 2001-09-20 | Absolutefuture, Inc. | Method and system for coordinating secure transmission of information |
EP1273125A2 (en) | 2000-04-14 | 2003-01-08 | PostX Corporation | Systems and methods for encrypting/decrypting data using a broker agent |
US20020025046A1 (en) | 2000-05-12 | 2002-02-28 | Hung-Yu Lin | Controlled proxy secure end to end communication |
JP3494961B2 (en) * | 2000-07-21 | 2004-02-09 | パナソニック コミュニケーションズ株式会社 | Encryption processing apparatus and encryption processing method |
US6904521B1 (en) * | 2001-02-16 | 2005-06-07 | Networks Associates Technology, Inc. | Non-repudiation of e-mail messages |
JPWO2002080447A1 (en) | 2001-03-29 | 2004-07-22 | ソニー株式会社 | Information processing equipment |
US7136840B2 (en) * | 2001-04-20 | 2006-11-14 | Intertrust Technologies Corp. | Systems and methods for conducting transactions and communications using a trusted third party |
WO2002093405A2 (en) * | 2001-05-15 | 2002-11-21 | Veridis | Method and device for transmitting an electronic message |
JP2003143124A (en) * | 2001-10-31 | 2003-05-16 | Nec Corp | System, method and program for transmission and reception of telegraphic message |
JP3711931B2 (en) * | 2001-12-27 | 2005-11-02 | 日本電気株式会社 | E-mail system, processing method thereof, and program thereof |
US7146009B2 (en) * | 2002-02-05 | 2006-12-05 | Surety, Llc | Secure electronic messaging system requiring key retrieval for deriving decryption keys |
US7213269B2 (en) | 2002-02-21 | 2007-05-01 | Adobe Systems Incorporated | Application rights enabling |
WO2003079634A1 (en) | 2002-03-14 | 2003-09-25 | Livedevices Limited | Secure internet communication for small embedded devices |
US7216226B2 (en) * | 2002-04-01 | 2007-05-08 | Hewlett-Packard Development Company, L.P. | Unique and secure identification of a networked computing node |
RU2300844C2 (en) | 2002-06-18 | 2007-06-10 | Ооо "Крейф" | Personal cryptoprotection system |
AU2003245574A1 (en) * | 2002-06-21 | 2004-01-06 | Probix, Inc. | Method and system for protecting digital objects distributed over a network using an electronic mail interface |
US8484551B2 (en) | 2002-09-05 | 2013-07-09 | Adobe Systems Incorporated | Creating input fields in electronic documents |
US7398200B2 (en) | 2002-10-16 | 2008-07-08 | Adobe Systems Incorporated | Token stream differencing with moved-block detection |
US7069245B2 (en) * | 2003-02-06 | 2006-06-27 | Business Wire | Simultaneous network news distribution |
US7735144B2 (en) | 2003-05-16 | 2010-06-08 | Adobe Systems Incorporated | Document modification detection and prevention |
US7315947B2 (en) | 2003-05-20 | 2008-01-01 | Adobe Systems Incorporated | Author signatures for legal purposes |
TW200509637A (en) | 2003-07-14 | 2005-03-01 | Nagravision Sa | Method to create and manage a local network |
US7930757B2 (en) | 2003-10-31 | 2011-04-19 | Adobe Systems Incorporated | Offline access in a document control system |
NL1025125C2 (en) | 2003-11-07 | 2005-05-10 | Backbase B V | Method, design and system for expanding a mark-up language. |
US7487353B2 (en) * | 2004-05-20 | 2009-02-03 | International Business Machines Corporation | System, method and program for protecting communication |
-
2004
- 2004-05-24 GB GBGB0411560.6A patent/GB0411560D0/en not_active Ceased
-
2005
- 2005-04-18 DK DK05734559T patent/DK1751911T3/en active
- 2005-04-18 WO PCT/GB2005/001479 patent/WO2005117331A1/en active Application Filing
- 2005-04-18 ES ES05734559T patent/ES2329149T3/en active Active
- 2005-04-18 EP EP05734559A patent/EP1751911B1/en active Active
- 2005-04-18 UA UAA200613642A patent/UA89784C2/en unknown
- 2005-04-18 CN CN2005800222561A patent/CN1981476B/en active Active
- 2005-04-18 AU AU2005332289A patent/AU2005332289B8/en active Active
- 2005-04-18 KR KR1020067027260A patent/KR101143770B1/en not_active IP Right Cessation
- 2005-04-18 BR BRPI0511201-0A patent/BRPI0511201A/en not_active IP Right Cessation
- 2005-04-18 JP JP2007514065A patent/JP4913044B2/en not_active Expired - Fee Related
- 2005-04-18 MX MXPA06013609A patent/MXPA06013609A/en active IP Right Grant
- 2005-04-18 GE GEAP20059778A patent/GEP20094692B/en unknown
- 2005-04-18 DE DE602005015106T patent/DE602005015106D1/en active Active
- 2005-04-18 CA CA2569761A patent/CA2569761C/en active Active
- 2005-04-18 NZ NZ552251A patent/NZ552251A/en not_active IP Right Cessation
- 2005-04-18 EA EA200602160A patent/EA009997B1/en not_active IP Right Cessation
- 2005-04-18 PL PL05734559T patent/PL1751911T3/en unknown
- 2005-04-18 AT AT05734559T patent/ATE434878T1/en active
- 2005-04-18 PT PT05734559T patent/PT1751911E/en unknown
- 2005-05-23 US US11/134,951 patent/US8478995B2/en active Active
-
2006
- 2006-11-21 IL IL179466A patent/IL179466A/en active IP Right Grant
- 2006-12-20 NO NO20065967A patent/NO20065967L/en not_active Application Discontinuation
- 2006-12-20 ZA ZA200610784A patent/ZA200610784B/en unknown
-
2007
- 2007-03-16 HK HK07102838.5A patent/HK1095452A1/en unknown
-
2009
- 2009-09-21 CY CY20091100971T patent/CY1109389T1/en unknown
- 2009-09-24 HR HR20090506T patent/HRP20090506T1/en unknown
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0869652A2 (en) * | 1997-04-01 | 1998-10-07 | Tumbleweed Software Corporation | Document delivery system |
US20030046533A1 (en) * | 2000-04-25 | 2003-03-06 | Olkin Terry M. | Secure E-mail system |
US20030172262A1 (en) * | 2002-03-06 | 2003-09-11 | Ian Curry | Secure communication apparatus and method |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101039132B (en) * | 2006-03-14 | 2012-08-22 | 三星电子株式会社 | Method of distributing gid in PLC network, method of receiving gid in PLC network, apparatus for authorization in PLC network, and PLC device |
US8555058B2 (en) | 2006-03-14 | 2013-10-08 | Samsung Electronics Co., Ltd. | Method of distributing group IDs in PLC network, method of receiving group IDs in PLC network, authentication apparatus, and PLC apparatus |
WO2008030991A2 (en) * | 2006-09-06 | 2008-03-13 | Agilix Labs, Inc. | Security methods for preventing access to educational information by third parties |
WO2008030991A3 (en) * | 2006-09-06 | 2008-07-31 | Agilix Labs Inc | Security methods for preventing access to educational information by third parties |
WO2013125982A1 (en) * | 2012-02-21 | 2013-08-29 | Rawllin International Inc. | Dual factor digital certificate security algorithms |
Also Published As
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU2005332289B2 (en) | A method of encrypting and transferring data between a sender and a receiver using a network | |
US9497172B2 (en) | Method of encrypting and transferring data between a sender and a receiver using a network | |
US7418597B2 (en) | Apparatus for accepting certificate requests and submission to multiple certificate authorities |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 179466 Country of ref document: IL |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2007514065 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: PA/a/2006/013609 Country of ref document: MX |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2569761 Country of ref document: CA |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2005734559 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 552251 Country of ref document: NZ Ref document number: 2006/10784 Country of ref document: ZA Ref document number: 2005332289 Country of ref document: AU Ref document number: 200610784 Country of ref document: ZA |
|
WWE | Wipo information: entry into national phase |
Ref document number: 9778 Country of ref document: GE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020067027260 Country of ref document: KR Ref document number: 200602160 Country of ref document: EA Ref document number: 1610/MUMNP/2006 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 200580022256.1 Country of ref document: CN |
|
ENP | Entry into the national phase |
Ref document number: 2005332289 Country of ref document: AU Date of ref document: 20050418 Kind code of ref document: A |
|
WWP | Wipo information: published in national office |
Ref document number: 2005332289 Country of ref document: AU |
|
WWP | Wipo information: published in national office |
Ref document number: 2005734559 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: PI0511201 Country of ref document: BR |